Security: Difference between revisions

From OSDev.wiki
Edit summaries: previous revision "Started work on page"; this revision "Added memory protection mechanisms, reorganized the article a bit."
Previous revision (wikitext as shown in the left column of the diff):

{{In Progress}}
== Operating System Security ==
Security in an OS is a very important issue. It not only includes security from outside sources, such as viruses and hacking, but internal security as well. For example, the OS is responsible for making sure that processes don't access memory outside of their own address space. If a program does so, it must be shutdown to protect other 'well behaved' programs. Some of these functions are in memory management and tasking. There is also higher-up security like file access. Files in *nix have a 'permission' value in their inode entry. This controls which users can read, write, execute or delete a file. These are mostly controlled by the [[File Systems]].

== Rings ==
Rings offer a protection layer for programs. They allow certain levels of resource access to processes. This is good, because it keeps bad programs from messing things up. There are, however, several downsides: The more CPU rings you use, the more the OS is tied to the architecture. You can, however, have several architectures each with it's own ring switching code. Another issue with this is that you OS must have a [[TSS]] set up and several other features, making ring switching much more difficult than just running all programs in kernel mode. There are a total of 4 rings in most common architectures:

=== Ring 0 ===
This is kernel mode or supervisor mode. This level has the least protection, and the most access to resources. When starting up, the OS runs in this mode unless it switches out. Interrupt handlers run in this mode.

=== Rings 1 and 2 ===
These rings are mostly used for device drivers. They offer more protection, but not as much as ring 3.

=== Ring 3 ===
This is the ring that most OS's use for applications. This ring is also called Userland, or Userspace. It has the most protection and the least resource access.

(unchanged context, line 20) Sometimes applications need access to resources that their ring wont allow. If they try to access them, a General Protection Fault (int 13) will be triggered, and the application shutdown. The application must interface with the kernel somehow, and mostly this is done with [[System Calls]].

Changes in this revision (right column of the diff): the opening paragraph drops the sentences from "Some of these functions are in memory management and tasking." onward and instead ends with "Operating system security can be divided into two basic categories, high-level and low-level security."; the "Operating System Security" heading becomes "Low-level Protection Mechanisms", followed by a new paragraph introducing rings, paging and segmentation; the "Rings" heading and its "Ring 0", "Rings 1 and 2" and "Ring 3" subheadings are each demoted one level; and three sections, "Paging" ("See [[Paging]]"), "Segmentation" ("See [[Segmentation]]") and "High-level protection Mechanisms" (the file-permission text moved out of the opening paragraph, now introduced via the [[VFS]]), are appended after the "Sometimes applications..." paragraph. The complete new revision is rendered below.

Revision as of 08:57, 17 April 2008

This page is a work in progress.
This page may thus be incomplete. Its content may be changed in the near future.

Security in an OS is a very important issue. It not only includes security from outside sources, such as viruses and hacking, but internal security as well. For example, the OS is responsible for making sure that processes don't access memory outside of their own address space. If a program does so, it must be shut down to protect other 'well behaved' programs. Operating system security can be divided into two basic categories, high-level and low-level security.

Low-level Protection Mechanisms

There are several different low-level protection mechanisms at the disposal of the operating system programmer. The first mechanism, called "CPU Rings" or more simply "rings", controls which CPU instructions are allowed to be executed. The second and third protection mechanisms are related to memory access. They are called "Paging" and "Segmentation" respectively. They control which areas of memory are allowed to be accessed and/or how those areas of memory are allowed to be accessed.

Rings

Rings offer a protection layer for programs. They allow certain levels of resource access to processes. This is good, because it keeps bad programs from messing things up. There are, however, several downsides: the more CPU rings you use, the more the OS is tied to the architecture. You can, however, have several architectures, each with its own ring-switching code. Another issue is that your OS must have a TSS set up, along with several other features, making ring switching much more difficult than just running all programs in kernel mode. There are a total of 4 rings in most common architectures:

Ring 0

This is kernel mode or supervisor mode. This level has the least protection, and the most access to resources. When starting up, the OS runs in this mode unless it switches out. Interrupt handlers run in this mode.

Rings 1 and 2

These rings are mostly used for device drivers. They offer more protection, but not as much as ring 3.

Ring 3

This is the ring that most OSes use for applications. This ring is also called Userland, or Userspace. It has the most protection and the least resource access.

Most OSes use only Ring 0 and 3. This is because rings 1 and 2 are unneeded, as device drivers can run in either ring.

Sometimes applications need access to resources that their ring won't allow. If they try to access them, a General Protection Fault (int 13) will be triggered, and the application shut down. The application must interface with the kernel somehow, and mostly this is done with System Calls.
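The ring-0 side of the fault just described, as an added example that is not code from the OSDev wiki or any real kernel: a handler for vector 13 (#GP) reads the privilege level out of the saved CS selector to decide whether the fault came from userland (terminate that process, leave the rest of the system running) or from the kernel itself (a kernel bug, so panic). The trap_frame layout is a hypothetical, minimal one constructed for this example; real kernels save far more registers. The selector error-code layout and the meaning of the low two selector bits are the architecture's own.

```c
#include <stdint.h>
#include <stdio.h>

#define VECTOR_GP 13u   /* General Protection Fault vector */

/* Hypothetical, simplified frame as a fault handler might see it. */
typedef struct {
    uint32_t vector;      /* interrupt vector that fired */
    uint32_t error_code;  /* #GP pushes a selector error code (0 if not segment-related) */
    uint32_t eip;         /* faulting instruction pointer */
    uint32_t cs;          /* code segment selector of the interrupted code */
} trap_frame;

typedef enum {
    GP_NOT_A_GP = 0,      /* handler invoked for some other vector */
    GP_KILL_PROCESS,      /* ring-3 code exceeded its ring: terminate it */
    GP_KERNEL_PANIC       /* ring-0 code faulted: the kernel itself is broken */
} gp_action;

/* Bits 1:0 of a segment selector hold a privilege level. For the CS value
 * the CPU saves on a fault, that is the CPL of the code that was running. */
static unsigned selector_cpl(uint32_t cs)
{
    return cs & 3u;
}

/* x86 selector error code layout:
 *   bit 0   EXT: fault caused by an external event (hardware interrupt)
 *   bit 1   IDT: index refers to the IDT rather than the GDT/LDT
 *   bit 2   TI : index refers to the LDT (meaningful only when IDT == 0)
 *   bits 15:3  selector index */
typedef struct {
    unsigned ext, idt, ti, index;
} selector_error;

selector_error decode_selector_error(uint32_t err)
{
    selector_error e;
    e.ext   = err & 1u;
    e.idt   = (err >> 1) & 1u;
    e.ti    = (err >> 2) & 1u;
    e.index = (err >> 3) & 0x1FFFu;
    return e;
}

/* Decide what to do with a #GP based on the ring that caused it. */
gp_action handle_gp(const trap_frame *f)
{
    if (f->vector != VECTOR_GP)
        return GP_NOT_A_GP;
    if (selector_cpl(f->cs) == 3)
        return GP_KILL_PROCESS;   /* userland misbehaved; other processes stay up */
    return GP_KERNEL_PANIC;       /* a supervisor-mode #GP is a kernel bug */
}

int main(void)
{
    /* Constructed frames: 0x1B is a typical ring-3 code selector (GDT index 3,
     * RPL 3); 0x08 is a typical ring-0 code selector (GDT index 1, RPL 0). */
    trap_frame user_fault   = { VECTOR_GP, 0, 0x08048000u, 0x1Bu };
    trap_frame kernel_fault = { VECTOR_GP, 0, 0xC0100000u, 0x08u };
    trap_frame seg_fault    = { VECTOR_GP, (7u << 3) | 4u, 0x08048100u, 0x1Bu };

    printf("user #GP   -> %d\n", handle_gp(&user_fault));    /* 1: kill process */
    printf("kernel #GP -> %d\n", handle_gp(&kernel_fault));  /* 2: panic */
    selector_error e = decode_selector_error(seg_fault.error_code);
    printf("bad selector: index=%u ti=%u idt=%u ext=%u\n", e.index, e.ti, e.idt, e.ext);
    return 0;
}
```

The one design point worth noticing is that the handler trusts the CS value the CPU pushed, not anything the faulting program could have written: the saved selector is the only reliable record of which ring was executing, and it is what makes "kill the process" a safe default for ring-3 faults while a ring-0 fault cannot be contained the same way.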

Paging

See Paging

Segmentation

See Segmentation

High-level protection Mechanisms

High-level security in an operating system can be accomplished in many different ways. One way would be through file permissions in a VFS. Files in *nix have a 'permission' value in their inode entry. This controls which users can read, write, execute or delete a file. These are mostly controlled by the File Systems.
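The inode permission check just described, as an added example that is not code from the OSDev wiki or any real file system: a VFS selects one class of mode bits (owner, group or other) for the caller and grants the request only if every requested bit is present in that class. The inode_perm and credentials structs are hypothetical, minimal ones constructed for this example (supplementary groups are left out); the mode-bit layout and the traditional superuser rule are *nix's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PERM_READ  4u
#define PERM_WRITE 2u
#define PERM_EXEC  1u

/* Hypothetical, minimal inode fields relevant to a permission check. */
typedef struct {
    uint32_t uid;    /* owner */
    uint32_t gid;    /* owning group */
    uint16_t mode;   /* low 9 bits: rwxrwxrwx for owner, group, other */
} inode_perm;

typedef struct {
    uint32_t uid;
    uint32_t gid;    /* primary group only in this example */
} credentials;

/* Select the one permission class that applies to the caller. The classes are
 * exclusive: an owner is judged by the owner bits only, even if the "other"
 * bits would be more generous (this is why mode 0077 locks the owner out). */
static unsigned class_bits(const inode_perm *ino, const credentials *cred)
{
    if (cred->uid == ino->uid)
        return (ino->mode >> 6) & 7u;
    if (cred->gid == ino->gid)
        return (ino->mode >> 3) & 7u;
    return ino->mode & 7u;
}

/* Returns true if every bit in `requested` (PERM_* flags) is granted. */
bool inode_access(const inode_perm *ino, const credentials *cred, unsigned requested)
{
    /* Traditional superuser rule: uid 0 bypasses read/write checks, and may
     * execute only if at least one execute bit is set anywhere in the mode. */
    if (cred->uid == 0) {
        if (requested & PERM_EXEC)
            return (ino->mode & 0111u) != 0;
        return true;
    }
    unsigned granted = class_bits(ino, cred);
    return (requested & ~granted) == 0;
}

int main(void)
{
    inode_perm secret = { 1000, 100, 0640 };   /* rw-r----- owned by uid 1000, gid 100 */
    inode_perm locked = { 1000, 100, 0077 };   /* ---rwxrwx: owner class has nothing */
    credentials owner = { 1000, 100 }, groupmate = { 2000, 100 }, stranger = { 3000, 200 };

    printf("owner write : %d\n", inode_access(&secret, &owner, PERM_WRITE));     /* 1 */
    printf("group write : %d\n", inode_access(&secret, &groupmate, PERM_WRITE)); /* 0 */
    printf("other read  : %d\n", inode_access(&secret, &stranger, PERM_READ));   /* 0 */
    printf("owner 0077  : %d\n", inode_access(&locked, &owner, PERM_READ));      /* 0 */
    return 0;
}
```

Two points a VFS implementer should keep in mind: the class selection is first-match, not a union of everything the caller qualifies for, so a check that ORs owner, group and other bits together is a privilege-widening bug; and deleting a file is not governed by the file's own bits at all but by write (and search) permission on the directory that holds the name.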